Sony v. Anonymous Hackers

For over a month now, Sony’s PlayStation Network has been completely out of commission, thanks to a major hacking expedition that resulted in one of the biggest data breaches in history. Although the source of the attacks has not been confirmed, events leading up to the outage have led many to suspect that the cybervigilante group Anonymous is behind the operation. Anonymous is a loosely-affiliated group of hackers who keep their identities secret through use of pseudonyms and anonymizing software.

The Sony saga began unfolding on April 4, when sony.com and the PlayStation online store became mysteriously inaccessible. Online gamers, many accustomed to playing around the clock, complained that the PlayStation Network was barely responsive. In predictable corporate fashion, Sony released an official statement to its PlayStation Network users that the network was “undergoing maintenance.” But Sony knew the real cause of its technical dilemma, for Sony had been warned. On the day of the website crashes, a video press release entitled “A Message to Sony from Anonymous” appeared on YouTube, in which a computerized voice recited the following:

Hello Sony.

It has come to our unfortunate attention that you have decided to interrupt the free flow of information. As you well know from other acts performed by Anonymous, we will not stand for this.

By suing GeoHot, and attempting to view the IP addresses of those who watched his videos, you have angered the hive.

You have abused and penalized your customers, for obtaining and sharing jailbroken software. This is the same thing as someone buying and legally owning a computer but being punished for installing or deleting programs.

. . . .
Now you will feel the wrath of Anonymous.
Your official websites will be taken offline, including the PlayStation store.
These attacks will continue until we are completely satisfied with the outcome.

We are Anonymous.
We are Legion.
We do not forgive greedy companies.
We do not forget the denial of free flow of information.
Expect us.

Just weeks before, Sony had pursued legal action against a PlayStation Network user George Hotz, known to gamers as “GeoHot,” after he released instructions for jailbreaking the PlayStation on his personal website. During discovery, Sony obtained the court’s blessing to dig up the names and IP addresses of any person who had visited GeoHot’s website. Enraged by what it perceived to be invasions of privacy and unwarranted punishment of jailbreakers, Anonymous took matters into its own hands, assaulting Sony’s corporate website and gaming network through direct denial-of-service (“DDoS”) attacks.

When PlayStation gamers began complaining about PSN downtime, Anonymous ceased fire, warning Sony that “the worst is yet to come.” On April 16, the Anons took their message offline in the form of in-store protests organized via Facebook, an event that, while causing some Sony retail stores in London to close for the day, was an overall failure. It soon became apparent, though, that these protests might not have been the “worst” that the Anons were referring to. On April 27, Sony announced that it had experienced an “illegal and unauthorized intrusion” between April 17 and April 19, resulting in the loss of customer information that could amount to one of the “biggest data breaches in history.” Although Anonymous has not yet been conclusively linked to the data theft, the group is certainly a prime suspect. Many Anons have claimed that the group is not responsible, while some believe that a splinter group of Anons acted on their own.

Assuming Anonymous is responsible, what can be done to stop them? A group that has the ability to incapacitate the online gaming network of one of the world’s premier technology companies is clearly a force that cannot be ignored. Unfortunately, neither technology nor the law is currently well equipped to regulate activities undertaken by loosely-affiliated groups of unidentifiable individuals. For instance, it is almost impossible to track down individual Anonymous participants, who use sophisticated anonymizing techniques. Moreover, since Anonymous is an informal, amorphous group, there is no organizational entity to hold accountable. As anonymous, collective action becomes a more common phenomenon in the online world, the law will need evolve accordingly.